Ferg_104721
Mar 28, 2012

OTP Email Setup

Hi,

I am going a little crazy here, I am trying out the email option for the OTP setup:

https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086432/One-Time-Passwords-via-an-SMS-Gateway-with-BIG-IP-Access-Policy-Manager.aspx

I have altered the bash a little for my needs, as I need the user email to send the request. I am sending the email to an SMTP server which sends to an SMS provider who SMSes me.

I know the command works manually (tested it), but I can see that the grep otp is not catching from the tail. My log gets a lot of traffic.

Any suggestions?

OTP.sh

#!/bin/bash
while true
do
    tail-n0 -f /var/log/ltm | grep OTP | while read line
    do
        var2="echo $line | grep otp | awk -F'[,]' '{ print $2 }'"
        var3="echo $line | grep otp | awk -F'[,]' '{ print $3 }'"
        var4="echo $line | grep otp | awk -F'[,]' '{ print $4 }'"
        var6="echo $line | grep otp | awk -F'[,]' '{ print $6 }'"
        if [ "$var3" = "otp" -a -n "$var4" ]; then
            echo Sending pin $var4 to $var2
            echo One Time Password is $var4 | mail $var6@onlinesms.com -- -f $var2
        fi
    done
done

5 Replies

  • Hi Ferg,

    Do you have a space between tail and -n0? Do you get any output from the script for $2, $3, $5 or $6?

    Aaron
  • Hi Aaron,

    Yes, I have a space between tail and -n0. I have been unable to get any variable output. I have been thinking of extremes like

    https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1084377/Writing-to-and-rotating-custom-log-files.aspx

    but this really should work.
  • OK, I think I know what the issue is: my bash script is not monitoring the log (as I can run it manually), so I have created a custom log, and all I need to know now is how to make my script monitor continually. I have installed the script in /config at the moment. Any thoughts?
  • Hi Ferg,

    I think it would be more effective to configure an alertd script in the /config/user_alert.conf file to trigger the email. You can check this post for details:

    https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/44/aft/1178752/showtab/groupforums/Default.aspx1227184

    Aaron
  • I have asked for approval to add this comment to the OTP link, but I put it here also in case it's not approved.

    Hi,

    I would like to add some additional info I have experienced during the implementation of the email based OTP design. The build I have implemented is based on a version of the F5 Tutorial provided with a slight difference. My client is not using an SMS gateway or email server to send emails to the user but a mixture of both: the principle is still the same for the email based OTP.

    My build works like this: the F5 points to an SMTP server as a relay server, which sends an email to mysmsserviceonline@telco.com to send the text message to the user.

    I followed the instructions to set up mail relay from the guide

    http://support.f5.com/kb/en-us/solutions/public/3000/600/sol3664.html

    ltm01 ~ cat /etc/postfix/main.cf | grep relay
    relayhost = [smtp.server.com]

    To provide accountability and auditability for my client, I created a custom log, using the guide below:

    https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1084377/Writing-to-and-rotating-custom-log-files.aspx

    OTP EMAIL Script

    I amended the script to my needs,

    #!/bin/bash
    while true
    do
        tail -n0 -f /var/log/customlog | while read line
        do
            var2=`echo "$line" | grep -i otp | awk -F'[,]' '{ print $2 }'`
            var3=`echo "$line" | grep -i otp | awk -F'[,]' '{ print $3 }'`
            var4=`echo "$line" | grep -i otp | awk -F'[,]' '{ print $4 }'`
            # Mobile number from AD
            var6=`echo "$line" | grep -i otp | awk -F'[,]' '{ print $6 }'`
            # Strips whitespaces from mobile number
            var6=`echo "$var6" | sed 's/ //g'`
            if [ "$var3" = "otp" -a -n "$var4" ]; then
                # I was required to amend header to lock down who was requiring access by using '-- -f ', email address pulled from AD
                echo One Time Password is $var4 | mail $var6@telcosmsgateway.com -- -f user@myclient.com
            fi
        done
    done

    I had several issues with the script being called; basically, if I ran it manually it would work, however the script wouldn’t get called automatically. I tried several options before I came up with my solution; one suggestion was to use the user_alert config file to call my program. This worked in a fashion, but the delay between when it was called was too great for the APM session.

    https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/44/aft/1178752/showtab/groupforums/Default.aspx1227184

    https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/256/Custom-SNMP-Traps.aspx

    To get round my issue I came up with two custom scripts to ensure the script ran in the background. The first would run every 5 minutes to check the script is still running and restart if necessary, and the other would restart the script at 4:05am.

    The reason for the second script was I encountered some issues with the log file rollover; the script was still running but would not process requests. I believe the issue was due to the customlog being tarred and so the ‘while true’ was no longer valid.

    I tested this by manually deleting the log and testing. It held true; I had to manually restart syslog-ng to make the script write to the log again.

    These are the scripts I used:

    OTPEmailCheck.sh

    #!/bin/bash
    RUNNING=`ps -ef | grep OTPEmail.sh | grep -v grep | awk '{print $2}'`

    echo $RUNNING

    # If the variable RUNNING has not been defined, i.e. is empty, then run
    if [[ -z $RUNNING ]]; then
        /config/OTPEmail.sh &
        echo "script started"
    else
        echo "already running"
    fi

    OTPEmailRestart.sh

    #!/bin/bash

    RUNNING=`ps -ef | grep OTPEmail.sh | grep -v grep | awk '{print $2}'`
    echo $RUNNING
    if [[ -z $RUNNING ]]; then
        echo "OTPEmail.sh is not running. OTPEmailCheck.sh will start program within 5mins"
    else
        KILL=`kill -9 $RUNNING`
        echo $KILL
        /config/OTPEmail.sh &
        echo "OTPEmail.sh was restarted"
    fi

    Crontab

    */5 * * * * /bin/bash /root/scripts/OTPEmailCheck.sh
    5 4 * * * /bin/bash /root/scripts/OTPEmailRestart.sh

    After that it worked as desired.

    Hope this helps someone else who’s having issues

    Ferg.
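
A hardened variant of the watcher loop from the last post, as an added example that is not part of the original thread: it checks the PIN and mobile fields before they reach mail, and follows the log by name with GNU tail's -F so the loop keeps working after the log is rotated. The field positions, gateway domain, sender and log path are taken from the post; the sample log lines are constructed and the length limits are assumptions.

```sh
#!/bin/sh
# Added example: validate the comma-separated OTP log line before mailing it.
GATEWAY="telcosmsgateway.com"   # from the post
SENDER="user@myclient.com"      # from the post
LOG="/var/log/customlog"        # from the post

# Constructed sample lines (field 5 is not described in the thread).
SAMPLE_OK='Mar 28 10:00:01 ltm01 notice tmm[4242]: Rule otp_log: OTP,user@myclient.com,otp,482913,unused,0412 345 678'
SAMPLE_BAD='Mar 28 10:00:02 ltm01 notice tmm[4242]: Rule otp_log: OTP,user@myclient.com,otp,482913,unused,0412345678@example.net'

# Print "<mobile> <pin>" for a well-formed OTP line; return 1 otherwise.
parse_otp_line() {
    tag=$(printf '%s\n' "$1" | awk -F, '{ print $3 }')
    pin=$(printf '%s\n' "$1" | awk -F, '{ print $4 }')
    mobile=$(printf '%s\n' "$1" | awk -F, '{ print $6 }' | tr -d ' ')
    [ "$tag" = "otp" ] || return 1
    # Digits only: a value starting with '-' or carrying '@' or ',' can never
    # become a mail option or a second recipient.
    case $pin in ''|*[!0-9]*) return 1 ;; esac
    case $mobile in ''|*[!0-9]*) return 1 ;; esac
    [ "${#pin}" -le 10 ] || return 1                               # assumed limit
    [ "${#mobile}" -ge 6 ] && [ "${#mobile}" -le 15 ] || return 1  # assumed limits
    printf '%s %s\n' "$mobile" "$pin"
}

watch_log() {
    # -F follows the file name and retries, so a rotated or recreated log is
    # reopened instead of the loop reading a dead file handle.
    tail -n0 -F "$LOG" | while IFS= read -r line; do
        fields=$(parse_otp_line "$line") || continue
        mobile=${fields% *}
        pin=${fields#* }
        echo "One Time Password is $pin" | mail "${mobile}@${GATEWAY}" -- -f "$SENDER"
    done
}

# Nothing runs unless asked, so the file can be sourced by other scripts.
case "${1:-}" in
    --watch) watch_log ;;
    --demo)  parse_otp_line "$SAMPLE_OK" ;;
esac
```

Run with --demo to see the parsed sample, or --watch to follow the log.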